Jump to content
NME312

Port Forwarding Issue (Remote Client Unable to Connect)

Recommended Posts

NME312

I have a question about remote clients connecting to my local emby server. 

I have set up port forwarding on my pfsense firewall to my emby server. I have checked the rule and confirmed the ports are open and accepting request. Running the test from pfsense also shows the ports on the emby server as being responsive and open. 

I can hit the url from the outside and confirm that ssl cert is poplutated and working. When I got to link the emby server to the web client or mobile client, I receive the connection failure message. This was all working, but it seems one i changed the port from the default 8096 to a secure port. It will not connect successfully. 

Has anyone any insight or resolutions to this kind of issue? 

Also on the Emby dashboard, it shows the remote wan access port as 8096, even though I have it configured as a different port number. The default http is 8096, but i have changed the https public port. Is there something Im missing? Do I need to do some type of redirection or change a configuration file in the Emby server itself? 

 

Any help would be much appreciated. 

Share this post


Link to post
Share on other sites
Luke

Hi there, what kind of SSL cert are you using?

Share this post


Link to post
Share on other sites
rbjtech
8 hours ago, NME312 said:

Do I need to do some type of redirection or change a configuration file in the Emby server itself? 

Yes - have a look at the SSL guides - but in summary, under 'Network' - you need to point emby to your SSL Cert and provide the Cert password you used to create it.  Then restart emby. Unless you do this, the security chain for SSL is not complete and emby will not use SSL...  Once you get a WAN IP (or FQDN) using the SSL Port you specified (8920 is default) shown in the dashboard - then you should be good to go.

Edited by rbjtech

Share this post


Link to post
Share on other sites
NME312
6 hours ago, Luke said:

Hi there, what kind of SSL cert are you using?

SSL Cert

Share this post


Link to post
Share on other sites
Luke
14 hours ago, NME312 said:

SSL Cert

From where?

Share this post


Link to post
Share on other sites
NME312

its a free cert service zerossl. 

 

Edited by NME312

Share this post


Link to post
Share on other sites
rbjtech

it's a lets encrypt cert - this used to be ssl4free.

@NME312 - did you see my post above ?  Have you correctly converted and imported the cert into emby ?

Share this post


Link to post
Share on other sites
NME312

@rbjtech yes, i see your post. Is there any issues with using a free cert? Im not oppose to purchasing one. Just figured, I would use a free one to test out the capabilities. 

 

If was able to load the cert with the private key. It took the cert and everything, but the dashboard never shown that it was using the 8920 port. 

Edited by NME312

Share this post


Link to post
Share on other sites
rbjtech

Hiya - no issues with a free Cert at all - Lets-Encypt are a widely approved CA  - that's what I use as do millions of other web sites.

The issue I think may be in your config of the cert - ie is it a PKCS#12 type cert (.pfx in Windows) and when creating the private key, did you use a password ?

Windows has a built in utility to check the cert - once you enter the cert password, it should show something like this -

C:\Users\Richard>certutil "C:\Emby-Server\emby.XXX.XXX.pfx"
Enter PFX password:
================ Certificate 0 ================
================ Begin Nesting Level 1 ================
Element 0:
Serial Number: *****
Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
 NotBefore: 14/07/2020 18:18
 NotAfter: 12/10/2020 18:18
Subject: CN=*** < your FQDN - this MUST be the same FQDN you use on the emby server in the domain field.
Non-root Certificate
Cert Hash(sha1): *****
----------------  End Nesting Level 1  ----------------
  Provider = Microsoft RSA SChannel Cryptographic Provider
Encryption test passed

================ Certificate 1 ================
 

There are a couple of guides on this in detail -

https://support.emby.media/support/solutions/articles/44001160086-secure-your-server

 

Share this post


Link to post
Share on other sites
NME312

Maybe that is part of my issue, I ran the command you instructed (thank you, just learned something new!). It did not prompt me for a password? I did create a password when creating the cert in IIS. 

The Output shows Certs 0, 1, 2. Cert 2 shows that the issuer is zerossl, has the FQDN, but shows the encryption test failed!

Maybe, I need to create a whole new cert all together? 

Share this post


Link to post
Share on other sites
cayars
On 9/10/2020 at 11:28 AM, NME312 said:

Maybe that is part of my issue, I ran the command you instructed (thank you, just learned something new!). It did not prompt me for a password? I did create a password when creating the cert in IIS. 

The Output shows Certs 0, 1, 2. Cert 2 shows that the issuer is zerossl, has the FQDN, but shows the encryption test failed!

Maybe, I need to create a whole new cert all together? 

Have you got this fixed up yet or are you still stuck?

Share this post


Link to post
Share on other sites
NME312

Still stuck unfortunately. 
 

I tried exporting the cert again, readding the private key and same thing. 
 

My port forwarding rule works on the Firewall. 
 

So it definitely a cert issue, seems to me. 

I basically am unable to connect externally. If I allow connections from http, works fine, but once I Force https connections, no go  

This where I’m stuck, do you have any recommendations? 

Edited by NME312

Share this post


Link to post
Share on other sites
NME312

Added

Share this post


Link to post
Share on other sites
cayars

If you want to install Teamviewer from www.teamviewer.com I can give you a hand remotely getting this generated.

Install it, then PM me the userid and one-time use password and I'll remote in and open chat.

Share this post


Link to post
Share on other sites
NME312

@cayars if you have availability today, we can work on this. Are you a emby support specialists? 

 

Edited by NME312

Share this post


Link to post
Share on other sites
cayars

We can try but I'm not a pfsense user so...

Install TeamViewer from www.teamviewer.com and install it.

Private Message me your UserID and one-time Passcode that shows up on launch.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...